Malware remnant

My computer was infected and I ran
CCleaner, Ad-Aware, SpyBot S&D, Malwarebyte's Anti-Malware and AVG Anti-Spyware. These found a lot of infections and cleaned them out, but I'm left with one problem: on start up my computer displays the error message "RUNDLL
Error loading C:\Documents and Settings\Bella\Application Data\Adobe\Update\wndmor.dat". My computer also makes clicking noises.

I've run Malwarebyte (again), GMER and DDS. I've copied the Malwarebyte and DDS logs below (and attached the second DDS log). When I tried to run GMer it ran fine, but when I tried to save the scan it hung so badly I had to restart my computer, so I haven't attached any of the GMER scans.

Look in programs startup on the start menu and remove the link if it is in there if it is not goto start run regedit browse to hklm/software/microsoft/windows/current version/run and see if there is a link in there

Thanks for the reply! I'm not sure I understood it correctly though. I'm running Windows XP. On my start menu I don't have 'programs startup' or anything that looks like it. Do you have any idea what alternative names it might be under?

Found several things worth noting in your logs.
#1. If the computer really IS clean the MBA-M scan would show clean. It doesn't, items were found. It would help to see the logs from the original MBA-M scans to see what infections were removed.
#2. You are running McAfee Security Scan Plus which runs all the time in the back ground, can interfere with your AVG and really isn't a good idea. You really should uninstall this.
#3. You have the AdAware background service running, also not a good idea as it can interfere with fixes done. It should be stopped, or better yet also removed. AdAware just isn't the program it used to be.
You have a VERY questionable site listed in your Hosts: spywareinfo.com gets some very conflicting ratings for Phishing, links to malware/spyware, distribution of rogue programs. That shouldn't be in there and should also be removed.

You have questionable items in your add/remove
RON Tool Banners4u is possibly a trojan.

Can you posts the logs from MBA-M showing the actual removals of the original infections? Also please run HiJackThis and post the log from that.

I didn't say there wasn't something deeper wrong, I don't know that for sure.
The MBA-M logs are stored by date done...oldest at the top of the list, newest at the bottom.
Give me the HJT log asap.

Uninstall that program, RON Tool Banners4u now. Remember, you posted all this 2 days ago, by waiting any longer to do anything you risk more infection if there are still infected files. Cleaning a computer of infections is not something that should be "piece meal" fashion every couple of days but should be started and continued on through to completion. The longer you wait the more infected you can become.

you have time to delete my post but no time to carefully to see thread content?

do you see that "on start up my computer displays the error message "RUNDLL
Error loading C:\Documents and Settings\Bella\Application Data\Adobe\Update\wndmor.dat". "??

what's wrong with you ?

I will type this s-l-o-w-l-y for you.
The thread starter has not posted an hijackthis log and up to now, we have no idea if it even has been downloaded by him/her yet.
The line you posted to remove was taken from the DDS scan log. Even if the OP has hijackthis, the line you posted

to have removed will not appear that way in the scan.
That is what is wrong with me. When ppl come here and think they know it all and post all kinds of rubbish, it is the long-time members that are left to pick up the pieces.
As I said before, if you do not know what you are doing, please refrain from posting here.

I'm really sorry for the delay in replying. I understand about infections spreading if left only half dealt with and also about your limited time. I've had a very ill pet I've been caring for for the last week and juggling him with work left me with no time. However next week should be better and I will reply to your posts promptly!

I've removed the possible trojan, and posted the previous m-bam scan and today's hijackthis log below. How do I remove the questionable host, spywareinfo.com?

That Malwarebytes' log you posted is two version out of date and the scan showing was run on Feb. 9th.

2010-02-09

It means nothing as far as this problem goes.
The program needs to be updated to the current version and newest database and a new FULL scan needs to be run. Items found need to be remove, the computer needs rebooting and then a new HJT scan needs to be run.
I cannot offer any suggestions until these two things are completed.

I'm sorry. I misunderstood your original post. I thought you wanted the scan previous to the one I posted in my first post. Sorry. Below are the (updated) mbam and hijack this logs, that I have just done (with a reboot in between).

No problem at all, especially not given how long I took to reply last week;)
Thanks for the reply!

Unfortunately I can't scan the file you ask for.
C:\Documents and Settings\Bella no longer contains an Application Data folder. Before I posted my first post (and ran the scans I posted) I uninstalled Adobe because I thought that the error message might indicate a corrupt version of Adobe.

Download the OFFLINE INSTALL and save it to the desk top.
Then close all browsers. Go to Add/Remove and Uninstall all the old java listings that you see there. Once that is finished then double click that install file on the desk top to install the newest version. Watch the install as it proceeds very carefully. Very often extra tool bars that you don't need are included. If you see one of these listed with a check mark next to it just remove the check mark and the install will proceed with out that unneeded tool bar.
Once the install is complete go back to the download page and on the right side click Verify Now to go to the verification page where you will check to be certain the install was successful.
Once that is done then run a new HJT scan, save the log and post that new log back here.